We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Companies anxiously watching their calendars to see if a new Safe Harbor program will be introduced before the end of January may get their wish: yesterday, a European Commission official announced that the Commission will inform the European Parliament of the outcome of negotiations for a new Safe Harbor program by Monday, February 1. This is especially welcome news for those Safe Harbor-certified companies that chose not to implement alternative legal mechanisms to legitimize their transatlantic data transfers (such as model contracts or binding corporate rules) after the Safe Harbor program was invalidated in October, and instead held out hope that a new agreement would be reached by the end of January – the point at which EU member states’ data protection authorities may start taking legal action against those companies engaging in unlawful cross-border data transfers.

Meanwhile, across the pond, US lawmakers gave another major hint that a deal may be close at hand. Yesterday, the Senate Judiciary Committee approved H.R. 1428 – better known as the Judicial Redress Act– which would give citizens of certain European countries the right to bring a civil action in the US against a US government agency for certain violations related to the protection of their personal data. The bill helps pave the way for Safe Harbor 2.0, as it is unlikely that a deal for a new Safe Harbor program could be concluded without a means of redress for Europeans who felt that the US government had misused their personal data. Notably, the Senate Judiciary Committee only approved the bill after amending it to predicate Europeans’ access to the US court system on EU member states’ allowing the transfer of personal data to the US for commercial purposes. Although the Judicial Redress Act and its amendment refer only to “covered countries” and “regional economic integration organizations,” and do not refer to the EU by name, there is little doubt that this bill is intended to ease data transfers between the US and Europe, specifically.

A new Safe Harbor may mean the much-anticipated return of a program that provided a relatively simple means to validate EU-to-US data transfers. However, the European Court of Justice invalidated the previous Safe Harbor largely due to concerns about the US government’s access to Europeans’ personal data, and the new program has been the subject of months of negotiation, so Safe Harbor 2.0 may look quite different than its predecessor. Check back here for the latest updates as the new Safe Harbor program continues to take shape.

Compare jurisdictions: BYOD: Bring Your Own Device

"I would like to thank the SCCA for this excellent service! The articles included in the newsfeeds are very useful and informative, and the user-friendly format of the newsfeeds means I can quickly glance over the précis in the emails to choose what to zoom in on."